package com.tmpt.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import javax.annotation.Resource;

import com.tmpt.service.IMenuService;
import org.apache.log4j.Logger;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.stereotype.Service;
import com.tmpt.service.ISecurityV2Service;

/**
 * 资源与权限对应关系
 * @author pay
 *
 */
@Service
public class MySecurityMetadataSource implements FilterInvocationSecurityMetadataSource{

	private List<String> passUrlList;
	private List<String> passDirList;

	//@Resource private ISecurityV2Service securityV2Service;
	@Resource private IMenuService menuService;

	Logger log = Logger.getLogger(this.getClass());

	public MySecurityMetadataSource() {
	}

	public Collection<ConfigAttribute> getAllConfigAttributes() {
		return null;
	}

	/**
	 * 返回所请求资源所需权限
	 */
	public Collection<ConfigAttribute> getAttributes(Object arg0)
			throws IllegalArgumentException {
		/*AbstractSecurityInterceptor securityInterceptor ;
		securityInterceptor.obtainSecurityMetadataSource();
		securityInterceptor.getAccessDecisionManager();
		securityInterceptor.getAuthenticationManager().*/

		Collection<ConfigAttribute> configAttrList = new ArrayList<ConfigAttribute>();
		FilterInvocation fi = (FilterInvocation)arg0;
		String requestUrl = fi.getRequestUrl();

		//放行的url目录
		if(passDirList!=null){
			for(String passDir:passDirList){
				if(requestUrl.contains(passDir)){
					return configAttrList;
				}
			}
		}
		//放行的url
		if(passUrlList!=null){
			for(String passUrl:passUrlList){
				if(passUrl.charAt(passUrl.length()-1)=='*'){
					passUrl = passUrl.replace("*", "");
					if(requestUrl.indexOf(passUrl)==0){
						return configAttrList;
					}
				}else if(requestUrl.equals(passUrl)){
					return configAttrList;
				}
			}
		}

		int index = requestUrl.indexOf("?");
		int indexKeyRandom = requestUrl.indexOf("_keyRandom");
		int index_And = requestUrl.indexOf("&");

		//图表的URL中有
		//admin123/template/charts/single.jsp?_keyRandom=20161104142000001&_chartType=spline
		if(requestUrl.contains("_keyRandom") && requestUrl.contains("_chartType")){
			//url不做处理
		}
		else if(index!=-1 && indexKeyRandom==-1){
			requestUrl = requestUrl.substring(0,index);
		}
		else if(index!=-1 && indexKeyRandom!=-1 && index_And!=-1){
			requestUrl = requestUrl.substring(0,index_And);
		}
		System.out.println("RequestUrl:"+requestUrl);

		//放行的URL
		///admin123/right_v2/securityv2Ajax_getCompanyDeptTree_access.action
		if(requestUrl.contains("_access.")){
			ConfigAttribute configAttr = new SecurityConfig("_ACCESS");
			configAttrList.add(configAttr);
			return configAttrList;
		}

		Set<String> authNameSet = menuService.getMenu2AuthListByUrl(requestUrl);
		System.out.println("authNameSet:"+authNameSet);
		if(authNameSet==null || authNameSet.size()==0){
			System.out.println("资源权限未分配:"+requestUrl);
			throw new AccessDeniedException("资源权限未分配:"+requestUrl);
		}

		for(String authName:authNameSet){
			//System.out.println(authName+" = "+requestUrl);
			ConfigAttribute configAttr = new SecurityConfig(authName);
			configAttrList.add(configAttr);
		}

		return configAttrList;
	}

	public boolean supports(Class<?> arg0) {
		return true;
	}

	public List<String> getPassUrlList() {
		return passUrlList;
	}

	public void setPassUrlList(List<String> passUrlList) {
		this.passUrlList = passUrlList;
	}

	public List<String> getPassDirList() {
		return passDirList;
	}

	public void setPassDirList(List<String> passDirList) {
		this.passDirList = passDirList;
	}

	public static void main(String[] args) {
		String passUrl = "/admin123/_validate.jsp*";
		System.out.println(passUrl.charAt(passUrl.length()-1));
		String requestUrl = "/admin123/_validate.jsp?time=sfdsdf";
		if(passUrl.charAt(passUrl.length()-1)=='*'){
			passUrl = passUrl.replace("*", "");
			if(requestUrl.indexOf(passUrl)==0){
				System.out.println(1);
			}else{
				System.out.println(2);
			}
		}else if(requestUrl.equals(passUrl)){
			System.out.println(3);
		}
	}
}
